Malicious PDF — malware analysis report

Static analysis result for SHA-256 d1bc1c4ffe6c20db…

MALICIOUS

PDF

Size: 46.1 KB
Created: 2019-03-17 04:28:18 +03:00
Authoring application: FrameMaker 7.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: d2cb605085fc56cb2b2fd7796d5a9475
SHA-1: bd09c15ab5b8ff9660f1cd307f748ea2a267cd9e
SHA-256: d1bc1c4ffe6c20db383aa5cf83ea6fc56f7efaf2ce670156af5587296919393c
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The primary attack pattern appears to be a link farm designed to drive traffic to a large collection of documents hosted on www.gorillawalker.com, likely for SEO manipulation or to host malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8974

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.